2 changed files with 43 additions and 32 deletions
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-<img align="right" height="216" src="https://raskinthewild.com/pawdanse.png"  />
+<img align="right" height="216" src="https://cloud.protogen.engineering/public.php/dav/files/6PPN3gmR75Ccqmc/"  />
 <br clear="bottom">
 <br clear="bottom">
 <br clear="bottom">
@ -78,38 +78,36 @@ vim pawdance-client.conf
 Example **client** config:
 ```bash
-# ---------------------------------------------------------------------------
+# pawdance client example config
-# pawdance
+ROLE="client"
 # ---------------------------------------------------------------------------
 ROLE="client"              # client or server
-CONNECT_MODE="auto"         # dns|ip|auto
+# How to reach the server
-REMOTE_HOST="vpn.example.com"   # used when dns/auto
+CONNECT_MODE="dns"           # dns | ip | auto
-# REMOTE_CONNECT_IP4="203.0.113.42"   # used when ip/auto with no REMOTE_HOST.
+REMOTE_HOST="vps.your.domain"
 # REMOTE_CONNECT_IP4="203.0.113.42"
 # REMOTE_CONNECT_IP6="2001:db8::42"
-CONNECT_PREFER="auto"       # auto|ipv4|ipv6
+CONNECT_PREFER="ipv4"         # auto | ipv4 | ipv6
-# --- SSH authentication -----------------------------------------------------
+REMOTE_USER="stinky"
 REMOTE_USER="youruser"
 SSH_KEY_MODE="false"        # true = pass explicit key; false = default chain
 SSH_KEY="/home/alice/.ssh/id_ed25519" # only if SSH_KEY_MODE=true
-# --- Tunnel parameters ------------------------------------------------------
+# Tunnel interface
 TUN_INDEX="1"
 TUN_DEV="tun${TUN_INDEX}"
 LOCAL_IP4="10.0.1.2/24"
 REMOTE_IP4="10.0.1.1"
 LOCAL_IP6="2001:db8:1::2/64"
 REMOTE_IP6="2001:db8:1::1"
 MTU="1500"
-# --- Crypto preferences -----------------------------------------
+# Optional: post‑quantum crypto overrides
 SSH_KEX="mlkem768x25519-sha256"
 SSH_CIPHERS="chacha20-poly1305@openssh.com"
 SSH_MACS="hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com"
-# use remote server as vpn for all traffic.
+# Push whole‑internet routes through the tunnel?
 # if set to false, vpn becomes transparent.
 DEFAULT_ROUTE_IPV4="true"
 DEFAULT_ROUTE_IPV6="true"
 ```
@ -125,24 +123,20 @@ vim srv-config.conf
 Example **server** config:
 ```bash
 # ---------------------------------------------------------------------------
 # pawdance
 # ---------------------------------------------------------------------------
 ROLE="server"
 # --- Tunnel parameters ------------------------------------------------------
 TUN_INDEX="1"
 TUN_DEV="tun${TUN_INDEX}"
 LOCAL_IP4="10.0.1.1/24"
 LOCAL_IP6="2001:db8:1::1/64"
 MTU="1500"
-# allow clients to accsess networks on the server?
+# allow VPN clients to access other networks?
-VPN_FORWARD="true"  # iptables/ip6tables FORWARD rules
+VPN_FORWARD="true"   # adds iptables/ip6tables FORWARD rules
-#keep this to true. It is required for the tunnel to work.
+# keep this true (required for routing)
-# this enables net.ipv4.ip_forward + net.ipv6.conf.all.forwarding
+IP_FORWARD="true"    # sets net.ipv4.ip_forward + net.ipv6.conf.all.forwarding
 IP_FORWARD="true"
 ```
@ -191,7 +185,6 @@ This removes:
 * any iptables/ip6tables **FORWARD** rules added by Pawdance  
 (Kernel forwarding sysctls remain as you set them.)
 useful if script was terminated forcefully. Or you wanna remove tun from server. 
 ---
--- a/28
+++ b/28
@ -1,10 +1,28 @@
 #!/usr/bin/env bash
-# pawdance.sh - EXACT client *and* server logic driven by an easy‑to‑edit config file
+# pawdance.sh – EXACT client *and* server logic driven by an easy‑to‑edit config file
-# 
+# -----------------------------------------------------------------------------
 # Modes (ROLE in config):
 #   client – brings up a point‑to‑point tunnel by SSH‑w’ing into the server.
 #   server – creates the matching tunnel locally and (optionally) enables routing.
 #
 # Connection source (CONNECT_MODE):
 #   dns   – resolve REMOTE_HOST on every run.
 #   ip    – use the hard‑coded REMOTE_CONNECT_IP4 and/or REMOTE_CONNECT_IP6.
 #   auto  – if REMOTE_HOST is set use dns, otherwise ip (default).
 #
 # Extra dial options:
 #   CONNECT_PREFER   – which address family to try first (auto|ipv4|ipv6).
 #   SSH_KEY_MODE     – set to "true" to pass an explicit private key via -i.
 #   SSH_KEY          – absolute path to that key (required if SSH_KEY_MODE=true).
 #
 # -----------------------------------------------------------------------------
 # v4.5.1 – better --help, commented example configs, SSH_KEY_MODE support.
 # -----------------------------------------------------------------------------
 set -euo pipefail
 SCRIPT_NAME="pawdance"
-VERSION="4.5.2"
+VERSION="4.5.1"
 CONFIG_FILE=""
 SUBCMD=""
@ -231,7 +249,7 @@ client_up() {
  [[ -n "$REMOTE_IP6_RESOLVED" && -n "$IPV6_GW" ]] && \
    $SUDO ip -6 route add "$REMOTE_IP6_RESOLVED" via "$IPV6_GW" dev "$IFACE6"
-  log "Setting default routes (metric1)…"
+  log "Setting default routes (metric 1)…"
  [[ "$DEFAULT_ROUTE_IPV4" == "true" && -n "$REMOTE_IP4" ]] && \
    $SUDO ip  route add default via "$REMOTE_IP4" dev "$TUN_DEV" metric 1
  [[ "$DEFAULT_ROUTE_IPV6" == "true" && -n "$REMOTE_IP6" ]] && \
@ -290,7 +308,7 @@ server_up() {
 # -------------- CLI --------------
 usage() {
 cat <<EOF
-$SCRIPT_NAME $VERSION - vpn wrapper over SSH
+$SCRIPT_NAME $VERSION – vpn wrapper over SSH
 Sub‑commands:
  up     --config <file>      Bring tunnel up (client or server, per ROLE).